Friday, July 15, 2022

A Complete Active Directory Penetration Testing Checklist


Active Directory Penetration Testing Checklist

This article covers Active Directory penetration testing and is intended to help penetration testers and security specialists who want to secure their network.

Active Directory, referred to as "AD", is a directory service that Microsoft developed for Windows domain networks. Using it you can manage the domain computers and the services that are running on every node of your domain.

Active Directory Penetration Testing

In this section we have several stages; the first stage is reconnaissance of your network. Every user can join a domain by having an account in the domain controller (DC).

All of this information is gathered simply as a user who is an AD user. The username has two parts: the first is the domain name and the second part is your username.

Reconnaissance Commands:

    c:\> net user

By running this command in CMD (Command Prompt) you can easily see the local users on your PC.

    c:\> whoami

This command shows you the current user logged in to Active Directory.

    c:\> whoami /groups

This command shows you the groups of the current user.

    c:\> net user /domain

This command shows you all users from every group in the Active Directory.
You can also see each user's groups by running this command:

    c:\> net user [username] /domain

For a better overview, you can use the "ADRecon" script. ADRecon is a script written by "Sense of Security".

It is about 12 thousand lines of PowerShell that gives you a good view of AD and all the information you will need.

You can download this script from GitHub: https://github.com/sense-of-security/ADRecon. Screenshots of the report produced by this tool:

Picture 2 – List of AD Groups
Picture 3 – List of DNS Record Zones

Once you have all AD users, you next need to look at the Group Policy. Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. In the Group Policy you can see environment policies such as the "Account Lockout Policy".

It is a method that helps protect the network's users from password-guessing attacks. You can also see the "Password Policy". A password policy is a set of rules designed to enhance computer security by encouraging users to use strong passwords and to use them properly.

Once you have all the information you need, you can execute different attacks on users, such as:

Brute Force Active Directory

To brute-force Active Directory, you can use Metasploit Framework auxiliaries. You can use the auxiliary below:

    msf > use auxiliary/scanner/smb/smb_login

In the options of this auxiliary you can set a username file and a password file, and set an IP address that has the SMB service open.

Then you can run this auxiliary by entering the "run" command.

If you try more false passwords than the Account Lockout Policy allows, you will see the message "Account Has Been Locked Out".

If you try it on all accounts, every user will be disabled and you will see disruption in the network. Based on what you can see in the Password Policy, you can tune the password list you use to brute-force.
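The lockout and disruption described above are visible on the defender's side in the Security log: event 4625 is a failed logon and event 4740 is an account lockout. The following is an added example (not code from the article or from Omid Shojaei) that runs simple detection logic over constructed sample records: it counts failures per account within the lockout observation window, flags accounts that reached the threshold, flags one source hitting many accounts, and flags one caller computer locking out many accounts. The threshold, window, field names, user names, IPs and the computer name are all assumptions for the demo.

```python
"""Detection sketch for password guessing and lockout storms in Active Directory.

The records below are constructed to mimic fields of Windows Security events
4625 (failed logon) and 4740 (account locked out); they are not real logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5                       # assumed "Account lockout threshold"
OBSERVATION_WINDOW = timedelta(minutes=30)  # assumed "Reset lockout counter after"

# Constructed sample events: one account hammered from one source, the same
# source then touching several other accounts, and one caller locking out
# three accounts. "frank" has two failures hours apart (benign).
EVENTS = [
    {"ts": "2022-07-15T09:00:00", "id": 4625, "user": "frank", "src": "10.0.0.8"},
    {"ts": "2022-07-15T10:00:01", "id": 4625, "user": "alice", "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:00:05", "id": 4625, "user": "alice", "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:00:09", "id": 4625, "user": "alice", "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:00:13", "id": 4625, "user": "alice", "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:00:17", "id": 4625, "user": "alice", "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:00:18", "id": 4740, "user": "alice", "caller": "WKSTN-7"},
    {"ts": "2022-07-15T10:01:00", "id": 4625, "user": "bob",   "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:01:02", "id": 4625, "user": "carol", "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:01:04", "id": 4625, "user": "dave",  "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:01:06", "id": 4625, "user": "erin",  "src": "10.0.0.50"},
    {"ts": "2022-07-15T10:02:00", "id": 4740, "user": "bob",   "caller": "WKSTN-7"},
    {"ts": "2022-07-15T10:02:01", "id": 4740, "user": "carol", "caller": "WKSTN-7"},
    {"ts": "2022-07-15T11:00:00", "id": 4625, "user": "frank", "src": "10.0.0.8"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def failed_logons_per_account(events, window=OBSERVATION_WINDOW):
    """Highest number of 4625 events per account inside any window-sized interval."""
    by_user = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_user[e["user"]].append(_ts(e))
    result = {}
    for user, times in by_user.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):          # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        result[user] = best
    return result


def accounts_at_threshold(events, threshold=LOCKOUT_THRESHOLD, window=OBSERVATION_WINDOW):
    """Accounts whose failures inside the window reached the lockout threshold."""
    counts = failed_logons_per_account(events, window)
    return sorted(u for u, n in counts.items() if n >= threshold)


def spray_sources(events, min_accounts=4):
    """Sources whose failed logons touched at least min_accounts distinct accounts."""
    targets = defaultdict(set)
    for e in events:
        if e["id"] == 4625:
            targets[e["src"]].add(e["user"])
    return {src: len(users) for src, users in targets.items() if len(users) >= min_accounts}


def mass_lockouts(events, min_accounts=3):
    """Caller computers named in 4740 events for at least min_accounts distinct accounts."""
    locked = defaultdict(set)
    for e in events:
        if e["id"] == 4740:
            locked[e["caller"]].add(e["user"])
    return {caller: len(users) for caller, users in locked.items() if len(users) >= min_accounts}


if __name__ == "__main__":
    print("failures per account:", failed_logons_per_account(EVENTS))
    print("at lockout threshold:", accounts_at_threshold(EVENTS))
    print("spray sources:", spray_sources(EVENTS))
    print("mass lockouts:", mass_lockouts(EVENTS))
```

The two constants should be read from the domain's actual Account Lockout Policy rather than hard-coded; the sliding window matters because two failures hours apart (frank) are normal, while five within seconds (alice) are the pattern that trips the lockout.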

All hashes are stored in a file named "NTDS.dit" in this location:

    C:\Windows\NTDS

You can extract hashes from this file by using mimikatz. mimikatz has a feature that uses the Directory Replication Service (DRS) to retrieve the password hashes from the NTDS.dit file. You can run it as shown below:

    mimikatz # lsadump::dcsync /domain:pentestlab.local /all /csv

Then you can see the hashes and passwords (if the passwords are available).
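Because DCSync asks a domain controller for replication data, it requests the replication control-access rights on the domain object, and with directory service access auditing enabled that request is recorded as Security event 4662 with those rights in its Properties field. The following is an added example (not code from the article or from Omid Shojaei) that flags 4662 records where a principal that is not a known domain controller computer account requested replication rights. The right GUIDs are the published AD extended-right GUIDs; the event field names, the principal names, the domain controller list and the allow list are assumptions for the demo, and the domain name follows the article's example.

```python
"""Flag replication-right requests from principals that are not domain controllers.

Records are constructed to mimic fields of Windows Security event 4662
("An operation was performed on an object"); they are not real logs.
"""
# Published extended-right GUIDs that DRS replication requires.
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET = "89e95b76-444d-4c62-991a-0facbeda640c"
REPLICATION_RIGHTS = frozenset({
    DS_REPLICATION_GET_CHANGES,
    DS_REPLICATION_GET_CHANGES_ALL,
    DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET,
})

# Assumed inventory: computer accounts of the legitimate domain controllers.
DC_ACCOUNTS = frozenset({"DC01$", "DC02$"})

# A made-up non-replication GUID used only to show a benign 4662 record.
UNRELATED_RIGHT = "deadbeef-0000-4000-8000-000000000001"

# Constructed sample events (domain name taken from the article's example).
DOMAIN_OBJECT = "DC=pentestlab,DC=local"
EVENTS = [
    # normal DC-to-DC replication
    {"id": 4662, "subject": "DC02$", "object": DOMAIN_OBJECT,
     "properties": [DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL]},
    # a user account asking for the same rights: the DCSync pattern
    {"id": 4662, "subject": "jsmith", "object": DOMAIN_OBJECT,
     "properties": [DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL]},
    # the same user doing something unrelated on the domain object
    {"id": 4662, "subject": "jsmith", "object": DOMAIN_OBJECT,
     "properties": [UNRELATED_RIGHT]},
    # an assumed backup service account that legitimately replicates
    {"id": 4662, "subject": "svc-backup", "object": DOMAIN_OBJECT,
     "properties": [DS_REPLICATION_GET_CHANGES_ALL]},
    # a different event id, ignored entirely
    {"id": 4624, "subject": "jsmith"},
]


def requests_replication(event):
    """True if a 4662 record lists any of the replication control-access rights."""
    if event.get("id") != 4662:
        return False
    return bool(REPLICATION_RIGHTS.intersection(p.lower() for p in event.get("properties", [])))


def dcsync_suspects(events, dc_accounts=DC_ACCOUNTS, allow=frozenset()):
    """(subject, object) pairs for replication requests by non-DC, non-allow-listed principals."""
    hits = []
    for e in events:
        if not requests_replication(e):
            continue
        subject = e["subject"]
        if subject in dc_accounts or subject in allow:
            continue
        hits.append((subject, e["object"]))
    return sorted(set(hits))


if __name__ == "__main__":
    print("suspects:", dcsync_suspects(EVENTS))
    print("with allow list:", dcsync_suspects(EVENTS, allow={"svc-backup"}))
```

Event 4662 is only written when the "Audit Directory Service Access" subcategory is enabled and the domain object carries a matching SACL, so the rule is silent on a domain where that auditing is off; the allow list exists because some backup and identity-sync products legitimately hold these rights, and each entry in it should be a deliberate, documented decision.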

Active Directory consists of several services that run on Windows servers; it includes user groups, applications, printers, and other resources.

It helps server administrators manage the devices connected to the network, and it includes numerous services such as Domain Services, Certificate Services, Lightweight Directory Services, Federation Services and Rights Management.

Active Directory penetration testing is required for any organization; nowadays APT groups are actively targeting Active Directory using different techniques.


Source & Credit

This article was prepared by Omid Shojaei. All the content of this article belongs to the above original author. This article is only for educational purposes.



